Skill v1.1.2

ClawScan security

Self-Integration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 13, 2026, 7:54 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent: it uses the Membrane API to connect to external apps and only requests the Membrane token and API URL that are required for that purpose.
Guidance
This skill delegates access to other apps through the Membrane service. Before installing, ensure you trust the Membrane service and only supply a token with the minimum scope needed (or a limited/test account) because the token lets the skill perform actions on connected apps. Understand that the agent will initiate connection flows that may require the user to open authentication URLs to grant access to external services. If you need stronger assurances, ask for details about token scope, audit logs, and how to revoke the token.

Review Dimensions

Purpose & Capability
ok: Name and description say the skill will connect to external apps via Membrane; the only required secrets are MEMBRANE_TOKEN and MEMBRANE_API_URL, which directly match that purpose. There are no unrelated binaries, paths, or extra credentials requested.
Instruction Scope
ok: SKILL.md instructs the agent to call Membrane endpoints (connections, search, connection-requests, agent sessions, actions) and to prompt the user to complete OAuth flows. It does not instruct the agent to read local files, other env vars, or exfiltrate data to third-party endpoints outside the Membrane API. Use of Membrane Agent sessions to auto-build connectors/actions is in-scope for the described capability.
Install Mechanism
ok: No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself, which minimizes install risk.
Credentials
ok: Only MEMBRANE_TOKEN (primary) and MEMBRANE_API_URL are required. Both are directly relevant for calling the Membrane API. There are no unrelated secrets or high-privilege environment variables requested.
Persistence & Privilege
ok: The skill is not forced-always; it is user-invocable and allows normal autonomous invocation (platform default). It doesn't request to modify other skills or system-wide settings.